New research reports over 237 cyber operations targeted space infrastructure from 2023 to 2025.
Researchers describe how attackers placed space satellites and communications systems under direct cyber assault.
A new report states that actors launched 237 operations against the space sector between January 2023 and July 2025 during the Gaza conflict.
Analysts at the Center for Security Studies at ETH Zürich compiled information from social media posts, news articles, and cybercrime forums about attacks on the Israeli space sector and international agencies.
Attackers triggered the sharpest surge in June 2025 during the Israel-Iran confrontation, when researchers logged 72 operations in one month.
This figure represents almost one-third of all incidents identified during the study period, according to report author Clémence Poirier.
The report states that cyber operations against the space sector now form part of a broad trend during armed conflicts and compares the activity to patterns seen during Russia’s recent invasion of Ukraine.
Researchers identified all but one threat actor in the space sector as pro-Palestinian groups.
The study explains that Hamas operates no satellites or space systems over the Gaza Strip and suggests pro-Israeli groups may have conducted undisclosed operations.
Attack Waves Hit Defence and Aerospace Targets
Ten attacks followed Hamas’s armed incursion on October 7, 2023, and these operations struck organisations such as the Israel Space Agency and the defence firm Rafael.
The report states that the escalation surprised hacktivists globally and that hackers needed time to organise and select targets.
Hacktivists ultimately targeted 77 different space organisations or companies during the Gaza conflict.
Attackers focused on Rafael, Elbit Systems, and the Israel Space Agency, while also striking international bodies such as NASA.
The report explains that most attackers selected aerospace and defence companies because these firms manufacture military equipment rather than conduct space activities.
More than 70 percent of attacks used denial-of-service methods that overwhelmed networks and forced crashes for users.
Attackers used DDoS methods because these techniques require little expertise, operate quickly, and divert attention from more complex intrusions.
Other attackers executed data leaks, intrusions, and breaches.
Some actors timed data sales or leaks to major conflict events, although the study admits that verifying such timing remains difficult and that attackers might have fabricated some claims.
The study concludes that manual open-source research revealed so many incidents that the real volume of attacks likely exceeds documented figures.
Escalating Conflict Drives Persistent Space-Sector Intrusions
The largest spike in attacks appeared during the 12-day clash between Israel and Iran in June 2025, when researchers counted 72 operations.
During that period, pro-Palestinian and pro-Iranian groups targeted Israel concurrently.
The report notes that the two wars shaped each other politically, militarily, and rhetorically, and that threat actors active in one arena often launched operations relevant to the other.
Hacktivist groups reused elements of effective attacks from other conflicts and adapted them to the Gaza conflict.
A 2023 DDoS attack by the “Cyber Army of Palestine” on the Israel Space Agency used code similar to that employed by the IT Army of Ukraine.
Most incidents caused limited physical or operational harm, yet the report states that the activity pattern highlights the future direction of space-based cyber conflict.
The study concludes that cyber operations against the space sector now function as consistent elements in modern conflicts because hacktivists show strong interest in targeting industry actors.
The study urges the development of space-focused cyber strategies to protect space infrastructure from further assaults.
